x0rz @x0rz@mastodon.social

Pinned toot

Tweets are automatically forwarded from twitter.com/x0rz

An attacker hijacked the Fox-IT.com domain on September 19 2017, here is the incident report fox-it.com/en/insights/blogs/b

Targeting the safety system is the natural choice if you want to disrupt critical industrial facilities. And this was just a repetition. Mr Robot was just ahead of its time! t.co/ynqlzDvI0v

So now, who has been poking around critical infrastructures for the past few years? Yeah right ;)

Source code repositories (like Git) are most definitely targets of choice. Here is a way to hide arbitrary code (could be some bugdoor) content from Git logs/diff twistlock.com/2017/12/13/hidin t.co/AQoAUUsQ3N

Christmas came in early this year, new keyboard 🤗 t.co/TOWUeYj4Pn

Yes I believe OpenSSH for Windows will be abused at some point by offensive security specialists, nothing to be mad about 😳

Sorry, but OpenSSH is the best RAT for *nix systems, don't be mad at me ¯\_(ツ)_/¯

"Can't disable HTTP because too many people around the world have limited internet access" yeah right, mandatory encryption is really limiting 🙄🤔 bugs.freebsd.org/bugzilla/show t.co/CGP86jUbhd

Can't wait to see people realize they won't be able to cash-out massively when all this crashes ( ͡° ͜ʖ ͡°) status.coinbase.com/incidents/ t.co/q19nDoa8y3

Israeli company TargetingEdge behind OSX.Pirrit PUP threatening researchers. Haven't they heard of the Streisand effect? cybereason.com/blog/targetinge

"By design, TP-Link firmware sends six DNS requests and one NTP query every 5 seconds, for a total of 715,4 MB per month." wtf @TPLINK ctrl.blog/entry/tplink-aggress

Facebook page hxxps://facebook.com.alt-post[.]bid/marketplace/item/849274986238746872364129.html
Phisher tried the phishing page w/ test:test from his IP address (as seen from the accessible logs 🤦‍♂️), appears to be from Miami, Florida 🇺🇸 t.co/2OwVGfkQox

Also, if I can catch you so can the FBI. Without formal approval from Google (which in this case is 100% certain they didn't get) I suggest you lawyer up! ;)

Hey redteamers, make sure to apply basic before you get your ass whooped in a legal court.
Impersonating Google and targeting personal cloud services might not be the best idea. If you want to simulate an APT, you should experience the same opsec constraints.